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ABSTRACT 


Phishing is basically the type of cybercrime in which attackers 
imitates a real person through institution and mimics that they are 
sending message from an authorized organization and then take the 
details of the user (personal identity, credit card details and any type 
of bank information) and will breach the personal details of the user. 
There are many free tools to help in web based scams. Basically the 
free anti- phishing toolbars in the below given study were examined 
many example- in which Spoof Guard anti phishing toolbar is 
sufficient and good at identifying fraudulent sites and can also gave 
false positive results. Earth Link, Google, Net Craft, Cloud Mark and 
Internet Explorer seven detected many of the fraudulent or fake sites 
even more than 15% of fraudulent sites are false positive. Trust 
Watch, eBay and Netscape correctly found the fraudulent websites 
and by the combination of the toolbars the expected outcome came 
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1. INTRODUCTION 

Phishing is a type of social engineering attack which 
is use to steal data or we can also say that phishing is 
basically the performance t of breaching (leaking the 
personal information of the user) and attempt to 
breach or leak the personal details of the user in order 
to do fraud or to take the bank card details and of the 
person or user. Information can be — username, 
password and credit card details. Phishing mostly 
happened through popular websites and links, online 
payment processor IT administrator which is 
commonly used by public domains. This occurs when 
an attacker or phisher pretends to be trusted entity in 
order to dupe up a victim or user on to clicking a 
malicious link which will lead to installing of 
malicious malware, and which will stop dead the 
system which is a fragment of ransom ware charge 
and will reveal the sensitive information of the user. 
Phishing is one of the oldest and the type of cyber- 
attacks, since from 1990s. and it is one of the most 
widespread and damaging cyber-attack. There are two 
main consequences of phishing attack —financial loss, 
data loss and legal lawsuits. Phishing contains fake 
emails, websites and links. 
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Types of phishing: - Phishing has been spread via 
mails and fake link s to include VOIPS, SMS. 


> Clone phishing: It is a type of attack where 
phisher or attacker tries to clone the website 
where user is visiting. The cloned website asked 
user to login credentials, copying the real 
websites. This will give authorization to the 
attacker to save the details of the user or victim. 
While clone phishing uses a legitimate or 
previously sent mails which contains the 
attachment and links. It is almost the real copy of 
the web site or the email. The email is spoofed by 
the attacker and originally looks that the real 
organizations sent the mail and the attacker will 
wait for the victim who will click it. When the 
user will click the link, the attacker will scum or 
clone the link and attacker will forward the same 
forged link or email to the contacts of the victim 
inbox. Clone phishing attack is considered as a 
most harmful and dangerous because it is hard for 
victim to recognize the spoofed email. 


> Spear phishing: Spear phishing is basically the 
group specific targeted attack; phishers use to 
target selected groups instead of casting out of 
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thousands emails randomly. And in speared email 
the common things are there in targeted 
organization of group of people for example- 
www.ugdg.co.uk.in add another link will also 
similar like above one like- www. ggogle.co.uk.in 
in both of the links the co.uk.in are common in a 
group of people. The spear phishing attack is the 
highly targeted form of phishing attack. It is very 
hard to recognize the spear attack. Criminals use 
to personalize the emails and impersonate the 
specific sender. The mail goal of the attacker or 
criminal is to trick target in to clicking a link or 
opening an attachment. Spear phishers use to 
target the specific individuals within the specific 
organization but with the specific mission. Spear 
phishing is basically the most prevalent delivery 
method for (APT) which is advanced persistent 
threat attack. Today the cyber criminals and 
Governments are launching the APT attack with 
sophisticated malware in order to detect the attack 
and to get inside the personal account of the user. 
Spear phishing is presented by the one or more of 
the following characteristics. 


Use of zero- day vulnerability: It is advanced 
spear phishing attack which leverage zero - day 
vulnerabilities in browser and also in plug —in or 
desktop applications in order to compromise the 
system. 


Blended or multi vector threat: In spears 
phishing the criminal uses blend of emails 
spoofing or dynamic URLs. 


Multistage attack: It is the initial exploit of the 
system of the first stage of APT attack which 
involves the other stages of the malware out 
bound communication. 


Well - crafted emails forgeries: In this attacker 
use to threat the targeted individual with specific 
organization. 


Phone phishing /Vishing : This is the type of 
phishing which refers through messages and 
phone calls in which the criminal or attacker use 
to pretends that they are bank workers or manager 
and asking the user to telephone or call up 1 a 
number concerning the funds of the user or details 
or in simple terms we can also define that the 
phone phishing refers to the phone calls from the 
people who pretend or claim to be from 
authorized and well reputable company. In order 
to get the details of the victim the criminals use to 
some social engineering tactics like psychological 
and social method of manipulating or tricking the 
user. Vishing can be performed in several ways 
like hybrid calls which is the hybridization of two 


parties. Most of the phishing calls are made by 
using voice over internet protocol technology 
which is conducted with the caller ID“spoofing”’. 


There are major common 4 types of examples of 
phone phishing:- 


1. 


Telemarketing fraud: This type of phone 
phishing attack is encompassing many types of 
phone spam calls for example- in the name of 
charity they will ask you to help out the people 
with fund and also asks for the bank account 
details or phone call may be also on that you have 
won the lottery in which for deposition of lottery 
amount criminal will ask you to give the 
information. 


The internal revenue service: It involves the 
malicious attack which pretends that works with 
at the IRS where the attacker will ask you to owe 
the taxes and to pay this immediately. 


Medicare: It is the type of scam which included 
the calls from the healthcare department and 
pretending to work for medicine. 


The social security administration: In this the 
criminal is pretending to be from the social 
security administration (SSA) and will gather 
each facts and details from the holder of the 
account and asks the holder about the security 
benefits. 


DNS based phishing: DNS basically stand for 
Domain Name Server. DNS based spoofing is the 
type of a charge which changed the details which 
are used to deflect or swing online trade to a fake 
websites and links. Once the user logs in their 
own verified account, the criminal will take the 
advantage and will steal the all personal and 
sensitive information of the user even, name 
passwords to the bank account details. DNSSEC 
is the protocol which is designed to secure the 
DNS by verification method. Where the method 
uses the unique which is called as cryptographic 
signatures which are stored alongside with the 
DNS records. 


DNS can help to protect against the following 
terms: 


1. 
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Absence of data hiding: DNSSEC gives 
permission but it fails to cipher or encrypt the 
DNS retaliation due to which the attacker is 
adequate attention on congestion and uses that 
information for more experienced attacks. 


Zone enumeration: DNEESC enables the 
signature validation. It can also be used to 
substantiate the negation of a DNS zone. 
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Complex deployment: DNEESC is also mis- 
configured and that could source server to drop 
the surety welfare and also refuse the 
authorization to a websites completely. 


Man in the middle attack: It refers to an attack 
where the criminal or attacker puts himself or 
herself in between the user and there cognized 
websites. The criminal also uses the malware to 
open the communication channels in between the 
user and the sites. Man in the middle attacks can 
be used to execute advanced persistent threat 
(APT). For example-in an HTTP transaction, a 
TCP connection exists between the user and the 
server, the attacker will split the TCP transfer 
control protocol connection in between two one is 
for the attacker and the other is between the 
attacker and the server. 


Whaling: These types of attack are more targeted 
and the main aim is same as just like phishing. 
Where criminal attempt to create or mimic the 
senior executives by some tricks which are fake 
links and websites or malicious URLs. Attackers 
in whaling target the high profile employees. The 
main goal of the attackers is to manipulate the 
victim in to authorized high value wire transfers 
to attackers. Due to highly targeted nature 
whaling attacks are very difficult to detect and to 
prevent standards. 


Theoretical aspects of phishing techniques: 
> Email spoofing— Is used to make the fraudulent 


email activity hiding email origins. Basically, 
email spoofing occurs when the attackers are able 
to alter the emails senders’ information. Email 
spoofing is done by basically spammers. Phishing 
email contains hostile reasons similar like a virus 
escalates in order to obtain the bank account 
details. SMTP (is basically the simple mail 
transfer protocol) which fails to layout, somewhat 
kind of confirmation procedure for forwarding 
emails. 


Spoofing utilize the exhibit title artifice: It is 
the majority ordinary form of email spoofing and 
is very triumphant since majority of email clients 
show only the display name directly. With this 
entity the attacker will insert the identity of the 
trusted brand or targeted company into front 
name. This name or type of deception attack is 
easy economic. 


Spoofing is also done by using legitimate 
domains: With inclusion to influence of the front 
line name, sometimes phisher can work with the 
authenticate email address of the targeted 
specification in the form of caption e.g., “United 


> 
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Customer Service”. This type of deception is 
basically called as the estate spoofing deception 
or fraud. Email authentication standards such as 
DMARC can be used by the estate holder in order 
to stop spoofing from the deception. 


Spoofing using looks alike domain: When the 
domain is protected by the email authentication in 
that case it is very difficult to spoof the domain 
name. Attackers are used to or attempt the cheat 
the holder by record and utilize the domain name 
alike or closed to impersonate domain. And these 
types of attacks, known as looks-alike domain 
attacks. For example, attacker uses the rendering 
similarities, such as “PayPal” which reveals the 
particular type face and the way of the manner in 
most common electronic mail holder or user. 
Different type of the lookalike deception is 
adding the disposition from different script in the 
different sets of code for example from header 
"Drop Box" notification@dropbox.com= ">, 
where the 'o' is the cylricic characters. 


Email spoofing and business compromise: 
Comparing last two decades email spoofing and 
phishing attack has been increased in business. 
According to recent study by the “Agari cyber 
intelligence” the strategy is additionally used to 
appeal gifts boards for welfare funding to 
recompense their personnel works. 


Stop electronic - mail spoofing in in case: This is 
very impossible facing to stop the email parody 
from the cyber criminals because attackers are 
always discover different methods to device their 
target and to attack on the system of the user. 
Secure email cloud ensured that targets safety of 
the user from brand impersonation, spoofing etc. 


Web spoofing: Web spoofing are the most 
common attacks which are increasing day by day 
from past recent years. These attacks are easy 
because of two reasons; they are easy to execute 
and they work. Web spoofing is very difficult to 
identify because the fraud takes place outside the 
organization security and parameters. A phisher 
can forget the website which looks identical to the 
original websites just to pretend to the user that 
this site is original. Web spoofing creates the 
original copy of the World Wide Web. 


Modern web browsers have security indicator 
which includes the domain name highlighting and 
HTTPS indicators. Modern web browsers display 
a pad lock icon when the user will visit an 
HTTPS web which is hypertext transfer protocol 
which is known as transport layer security which 
provides encryption and the identification. 
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> DNS cache phishing: DNS domain name server 
spoofing is an attack which alters the DNS 
records. The reason for this attack is making 
request to DNS resolver and then forging the 
reply and it also cause the name server to return in 
correct result record e.g., IP address. 


> Malware: It is a software which is use to disrupt 
computer operation and the sensitive information. 
It can be in the form of scripts, code, active 
content and the other software’s. Malware 
includes viruses, worms, key loggers, spyware, 
Trojans and adware. 


Anti-phishing techniques: 

Anti-phishing tools are based on the variations of the 
procedures that can be used to recognize the tools are 
integrated in to the web browsers that is depicted web 
pages which are phished including white lists, 
blacklists and community ratings. Anti-phishing tools 
are integrated into the web browsers that are depicted. 


Anti-phishing techniques are majorly classified 

into four categories which are as follows- 

> Content filtering: In this method the email and 
the spoofed content are filtered when it get enters 
in the victim mail box using the few methods e.g., 
support vector machines. 


> Blacklisting: It is basically the collection of 
blacklists known phishing websites which are 
published by trusted entity for example Google 
and Microsoft blacklist. 


> Symptom-based prevention measures: It is the 
analysis of the content of each web page which is 
visited by user which produces phishing alerts 
that what type of indications which are to be 
detected. 


> Domain binding: Client browser-based 
technique where the sensitive information is bind 
with the particular domain. Domain binding alerts 
or warns the user when the user visits the domain. 


Caller ID Toolbar: 

Caller ID toolbar use variation in analysis methods in 
arrangement to differentiate the authority of a proven 
websites. Caller ID toolbar depends upon the passive 
visual indicator which changes in green which will 
represent a known good site, and when this indicator 
turns in to yellow it will shows a site with low risk, to 
colour red which will shows that the site is at high 
risk and must be the phished website. Here are 
examination of sites which are originated and created 
by country ,area of enrolment and_ blacklisted 
information. Caller ID Anti -phishing toolbar works 
under Microsoft Windows 98/NT/2000/XP_ with 
Internet Explore [2]. 


Cloud mark Anti-Phishing Toolbar: 

This tool bar depends upon users rating. When user 
visits the site, the user has choice of describe the site 
whether it is genuine or not. With the help of cloud 
anti fraud system it will show the coloured image for 
each visited sites, green image will alerts the user that 
the site is visited or site has been real or not, red 
image indicates or will display the site has been fraud 
by the attackers or criminal, and the yellow icon will 
show the more details which is called to make a 
difference Fraudulent web sites are being blocked by 
the tool bar and the holder are authorized to the 
detailed page and the choice is given to stop or block 
the fake website or link. 


The Cloud mark Anti-Fraud Toolbar runs under the 
Microsoft Windosws98/NT/2000/XP with Internet 
Explorer. 


Earth Link Toolbar: 

It is the combination of the user rating, heuristics and 
analysed verification. The toolbar gives permission t 
the holder to complain about the spoofed phishing 
sites in the tool. The sites have been checked and then 
inserted to the blacklist in case if it is fake and 
spoofed link. This tool also uses to examine the 
domain information like age, owner and the country. 
In this toolbar green thumb legitimate or represent the 
verified sites whereas grey thumbs up show the site is 
not reserved, but it is not confirmed, and red colour 
thumbs up shows the web site is fake. Where the 
yellow colour thumbs down mean the website is 
doubtful. 


Earth link free software runs under Internet Explorer 
as well as Firefox [10]. 


There are also so many tools which are used as anti 
phishing tools like e-bay Toolbar the icon will display 
with alerted lights which will give indication about 
the site that how much safe the site is on the other 
hand other toolbars like Firefox2, Geo Trust Watch 
Toolbar, Microsoft Phishing Filter in Windows 
Internet Explore7, Net craft Anti-Phishing Toolbar, 
Netscape Browser 8.1, Spoof Guard. 


How does one start phishing? 

First the attacker will create his or her own fake 
websites, for example fake Face book web sites 
phishing. php file which will further collect the form 
of data and index. Html page. Then the attacker will 
go directly to the Face book page without logging in. 
Then the attacker will find the link and attacker will 
look forward action. For example  section= 
https://www.facebook.com/login.ph p? (This is the 
attempt one of the attackers). 
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The next step of attacker is he/she will create an 
account on _ free hosting websites  like- 
http://www.mymy.com. Next step is to upload the 
php file and html pages with his or her name, then the 
phishing website is created and the attacker cans start 
phishing. 


The main causes of phishing attack are as follows: 
Today the most common and dangerous type of attack 
is phishing scams and the attack is faced by 
organizations. According to Verizon’s Data Breach 
Digest found that 90% of all the data was breached by 
phishing. There are major 6 reasons of causing 
phishing which are as follows:- 


There are major 7 reasons of causing phishing 

which are as follows:- 

1. User are the weakest link— Users is weakest link 
of phishing because they would not be able to 
recognize or to spot the scams when the user 
receives one and by that point it’s too late, with 
the victim already clicking links, like opening 
attachments and handling towards the user’s name 
and the passwords. But the main positive point is 
weakness that organizations or individuals have 
the power to address. Currently IT departments 
are not at all confident in their own user to 
identify or to recognize in coming threats and 
related attacks. 


2. Insufficient back up process- In ransom ware 
attack, most of the big organizations have 
insufficient back up process. Because of which it 
leaves them unable to quickly restore content on 
servers. 


3. Lack of user testing- Most of the organization 
have no adequate procedures in order to test their 
users and leaving them unable to recognize about 
the attack. 


4. BYOD security risks—Many organizations lack 
(Bring Your Own Device) policy where it makes 
easy to stay connected in with your employee. 
Basically, attackers will take the advantage of 
unsecured devices, networks and the malicious 
applications where the biggest security risks are 
hacking, malware and data leakage. There are 
major BYOD risks which are as follows. 


5. Shadow IT- In this information technology is 
managed outside of the department of the IT 
companies. Where some users use low security 
products or infects the removable storage media 
which leads to data breaching. 


6. Lack of employee training- Many employees in 
the company they may not fully understand the 
requirements of the company which will lead to 
compromising the security risks of the company. 


7. Poor mobile management- When employee 
leaves the company for any reason how can the 
person be ensuring about the no longer mobile 
access of the employee therefore it become easy 
for the attacker to get back in to an app or system 
by using mobile access again. 


Criminal organizations are well funded. Cyber 
criminals are shifting their focus towards the new 
tricks and the ways that how they can get or breach 
the details of the user or victim. Organizations are not 
doing enough the awareness of the staff it’s not only 
the single step to protect the organization. 


Major prevention from the phishing: 

Spoofed messages and web contain few subtle 
mistakes, which includes spelling mistakes and the 
domain name Two factor authentication (2FA). It is 
the most effective method to find out the fraud attack 
where it contains (or add) the extra verification layer 
when user is logging into sensitive applications. 


We can also use 2FA by two ways: 
Something that user know (e.g., password and 
username)* 


By using 2FA addition it should be strict password 
and with management policies. e.g., Need of new 
changed password and not to be allowed to reuse new 
password multiple times. 


By giving some educational campaigns we can also 
get to know about the threat of phishing attacks by 
doing or enforcing secure practices (e.g., by not 
clicking on external links like emails and URL.) 


Do not trust on such emails which will ask you to 
give the personal bank account information and 
OTP’s. 


Updating system with new security software like, 
anti-virus, firewall, spam filters and anti spyware. 


Ignore the pop-up messages which will act as 
phishing rod for the phishers. 


Current Statistics on Phishing Attacks: 

> From 2020, according to the report of FBI 
phishing was most common type of cyber crime 
and it gets doubled in frequency nearly from 
114,702 casein 2019 to 241,324 in 2020. 

> Around 75% of the organization in the world 
experienced the phishing attack in 2020. 


> Another 35% spear phishing attack. 
> 65% of companies faced BEE attack. 


> Where 96% of the phishing attacks was delivered 
by emails. 


> 3% was happened by the malicious website and 
1% via phone calls (which is known as vishing). 
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> 60% of the organization has lost their data. 


> 52% of the organization had faced the account 
compromises. 


> 29% of the organizations are affected by the 
malware attacks. 


> 18% of the financial loses. 
> 47% of ransom ware. 


2. REVIEW OF LITERATURE 

According to Phirashisha Syiemlieh, Golden Marry 
Khongnist, Usha Mary Sharma and Bobby Sharma 
witnessed the huge loss of money globally but the 
most Dreadful loss by the common users their 
personal information are being used against them for 
fraudulent acts even their bank accounts are being 
robbed without their concern by the fake information 
like winning lottery, reservations of hotel at cheap 
rates. According to author phishing is basically 
described as semantic attack where victims are being 
triggered by the attackers to give their bank 
information's. 


There are many types of anti — phishing tool. 
1. Cloud mark anti fraud toolbar 

2. Earth link toolbar 

3. e Bay toolbar 

4. Geo trust watch toolbars 


AI 


According to the Junior Professor “Philip Craiger’, 
Paul K. Burke “&” Chris S. Marberry “they said that 
investigation of the fake or fraudulent websites and 
links or malware can be detected by open — source 
tools. First examiner should be would be capable to 
recognize the tool which further match with the 
requirements and authenticate these tools under 
Daubert Standards. Second many tools runs under 
UNIX-like system (Free BSD, Linux, MacOS X,etc.) 


According to Aakansha Tewari & A.K. Jain& B.B. 
Gupta they discussed about recent developments and 
protection mechanism against variety of attacks and 
the scope of future of results. 


According to the Author “ Jyoti Chikkra” she 
discussed about the false emails which are looking 
legitimate and even the web pages and websites 
where users are asked to enter about their personal 
information which may look clear and she also gave 
the example that phishing is similar looks like fishing 
in a lake, she also explained that how internet has 
changed life human life where internet increased the 
human comfort in life and on the other hand it also 
increases the need for security measures too. Where 
basically the phishing is an online form of identity 
theft. 


She also explained about the phishing theft how the 
things will appear—attacker will create fake emails 
and it has its own email address and the email will be 
delivered to the ISP and then they will get transferred 
to the mail program—from where the attacker they will 
get enter in to the user’s site in case when the user 
will click on or responses over the link. She took the 
Net Craft web server survey of 2013 and noticed 
about the all over phishing attacks which raised about 
73% overall. 


“Akarshita Shankar’, “Ramesh Shetty” and “Badari 
Nath K’— According to them, they had talked about 
the phishing attacks which are going very serious day 
by day according to them there are several methods 
that can used to phish and also used for the detection 
and avoidance of phishing attacks on the system. This 
study provides the in-sight to phishing and the basic 
mechanism about the attack. 


According to them they had done evaluation on the 
constant growth of email user, client server and anti- 
spam filters are being used to find the variations in 
the appearance of the phishing scams. They also 
explained about the URL control features which will 
be capable to identify the connection of an address in 
the mails. They also aimed that in future the surface 
of text mining by enhancing the spam keywords in 
information’s. And it is also aimed to obtain more 
fine and correct results and the basic clarification by 
the help of duplicate | neural networks. 


“Rami M. Mohammad”, Fadi Thabtah, “ Lee Mc 
Clusky they explained about the phishing counter 
measures by legal solutions, education, technical 
solutions and instantaneous based protection 
approach. According to them the site of web sites is 
constantly changing, self-structuring and interactive 
ways in response to the change in environment which 
characterize the websites. 


Author “Dr. Radha Damodaram” she explained about 
the browser integrated tools, eset security, using anti 
phish and Dom techniques where by the set of 
techniques she talked about the detail examinations of 
various ways of operating and handling of the system 
which includes start up, registry content and network 
connections. She used the technology to discover 
hidden objects (root kits). SysInspector signs are 
verified in XML files and it can be presented to IT 
experts for the future examination. 


3. MATERIALS AND METHODS 
Methodology 

By using and some techniques, tools and awareness 
we can detect and analyze the tool. There are different 
types of ways which use to detect the web pages as a 
phished website. 


@ IJTSRD | Unique Paper ID —-IJTSRD49541 | Volume-—6 | Issue—3 | Mar-Apr 2022 


Page 532 


International Journal of Trend in Scientific Research and Development @ www.ijtsrd.com eISSN: 2456-6470 


In article “An Examination Of Anti- Phishing 
Toolbars” the authors used so many tools to detect 
the phishing according to the previous study it 
determined that the area to which why the holder fall 
for the phishing scams in which user can ignore the 
information which is provided by the anti phishing 
toolbar. In this article they told and wrote about that 
how the tools have been used to detect and ignores 
the scammed websites and pages. In this article paper 
the authors has managed the three contributions, first 
is in which they designed and implemented the 
examination bed for digitally determination of the 
anti phishing toolbar, second the research of result 
experiments which assess the ability of ten anti 
phishing to operating the system which uses different 
methods to cipher and to detect the phishing websites. 
Third where the authors described the techniques for 
circumventing each toolbar tested. 


There are different types of methods which can be 
used in the deception of the phishing websites and the 
scams. The toolbars in this research article examined 
the study of the different combinations of the methods 
and observing by using every type of operating 
system r to get general alignments about the process 
of the toolbars. 


Cloud mark Anti- Fraud Toolbar: This tool can be 
used as the Anti- spam, Anti- Phishing and Anti- 
Virus, where the headquarters are situated in ‘San 


Francisco, CA and USA. Cloud mark toolbar takes 
zero hour response, real time protection for all the 
messaging threats. This tool blocks the attack within 
or in between 20 seconds to 3 minutes. Advanced 
fingerprinting algorithms are also used in precise 
identification of electronic mail with a single 
fingerprint whereas the Trust Evaluation System 
(TeS) use to track the reputation of each integrity of 
data and accuracy it also determines when to mark the 
of identify the fingerprint spam, phishing, spam and 
virus. 


When the user visits the website, holder has the 
choice to report the website whether it is genuine or 
not. The operating system will display the colours 
images for each website which person had been 
entered previously. 


Green coloured image indicates the website is 
standardized as authorized site, where red icons 
which will indicate the site has been determines as 
fake and at last the yellow image will tell that nor 
required details is called up on the web site to make 
the examination. The ratings which was given in the 
site by the user have been computed and for further 
the user can use the site by looking over the ratings. 


The cloud mark anti- fraud operating system works 
on the ‘Microsoft Windows 98/NT/2000/NP with the 
Internet Explorer. 


&y Cloudmark - Anti Spam and Spam Blocker Solutions - Microsoft Internet Explorer 


File Edit View Favorites Tools Help 


'€) Back + x] @) ¢; Search sv Favorites £4 
@) http://www.cloudmark.com/ 
@ Cloudmark ~ ge Block ~ O iSite Rating fi] My Rating 


3 hed A 2S 


Figure 1: The Cloudmark Anti-Fraud Toolbar indicating a legitimate site. 


Earth link toolbar: With the togetherness of heuristics, holders views and the written authentication, these 
small details about the URL and link will tell that this site is genuine or not where the earth link toolbar gives 
permission to the user to report the suspected phishing website or link and then these websites can be further 
being checked and inserted to the black list, it can examine the domain name registration information. 


The toolbar will show the thumbs up which swap its colour and place. 


Green coloured thumb shows that the site is legitimate and verified where the grey colour thumb shows that the 
website is not original or real, but it is not concluded. 


The red colour image thumbs down will alert the user and tells that the site is fraudulent and the yellow thumb 
down will mean that the website is doubtful. 


Earthlink operating system works under the ‘Internet Explorer as well as Firefox {10}. 


2 MSN.com - Microsoft Internet Explorer 


File Edit View Favorites Tools Help thd 
x q) “ pe? Search Sie Favorites € > - rel 83 
@) http://wwew.msn.com/ v E} « 
fi tarthlink - v PrSearch ~ Gy qrblocker ~ @& Popp Blocker - 


Figure 2: The EarthLink Toolbar indicating a legitimate site. 
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eBay Toolbar: In this tool account guard indicators has three different types of modes: green, red and grey. 


The icon will display green in the background when the user visits in the genuine website and the red colour will 
display in the back side when the website is called to be phished websites. The image will display in grey when 
the website is not handled by the eBay system the website is called to be phished. 


This toolbar also gives the user to report the site if the user finds that the site is not genuine eBay operating 
system or application works on the ‘Microsoft Windows 98/ME/NT/2000/XP with the Internet Explorer’. 


= MSN.com - Microsoft Internet Explorer E 6 ed 
File Edit View Favorites Tools Help ar 
x) (2) v7, pe Search Sy Favortes £4 &2- = : hus) rel 8 
@) http: }{www.msn.com/ v 8 Go 
eby -| = wv] QAsearch ~ Uf Bccy"t ~ Bry ebay signin for advanced features 


Figure 3: The eBay Toolbar at a site not owned by eBay that is not known to bea phishing site. 


Geo Trust Watch System: This tool works under several reputation services and certification authorities to 
detect and to analyze the entrusted sites. This tool also works under three signals light (green which indicates the 
trusted and verified site, yellow which is not verified or red which is verified as fraudulent). 


The toolbar gives permission tothe user to store custom images which is constantly displayed so that user can 
know that this operating system is not being copied or spoofed. This toolbar works under the “Microsoft 
Windows 98/NT/2000/XP with Internet Explorer”. Trust Watch determines the about the site that is this 
fraudulent or not in which the suspected company compiles a blacklist which included the site reported by the 
user through the button provided by the toolbar. 


 TrustWatch Toolbar - Microsoft Internet Explorer 


File Edit View Favorites Tools Help = 
GO sxx ° x] 2) © yp Search Sy Favortes €&) 62- > we LJ Fel 3 | 
@) http://toolbar.trustwatch.com/ - E} | 


Fe TrustWateh + search wth trusthere... w~ Search » |» S@Report Fraud [Dreedback (toolbar tustwatch. com 
Figure 4: The GeoTrust TrustWatch Toolbar at a verified site. 


Google Safe Browsing: It is designed to identify the fradulent websites and the privacy of Google browsing 
basically was really a Firefox Extension and currently this is integrated into full toolbar which is built into 
Firefox 2.0. and gives the source cipher for the secure browsing feature and check URL’s against a blacklist. 


When site get downloaded the tool get combines with advanced technologies and algorithm with project about 
miseading page from the number of sources whereas the conclusion is this tool uses blacklist as well as 
heuristics. 


The toolbar also includes the page rank. It popsup out when the site is suspected fradulent which alerts the user 
and the user will leave and ignore the site. The toolbar also provides the up to date protection by sending URL’s 
sites. This can runs under the ‘Microsoft Internet Explorer under the Windows XP/2000 SP3+, or Firefox on 
most of the platforms’. 


) rinad.us - Mozilla Firefox 


Eile Edit View History Bookmarks Tools Help 
<< . . e Oy Z http://www.chase.com.ccpmapp.rinad.us/index.php 


Google - v) +) \G) Search ~ @ PageRank a8 Check + HR A 


=| Suspected Web Forgery 


This page has been reported as a web forgery designed to 
trick users into sharing personal or financial information. 
Entering any personal information on this page may result in 
identity theft or other fraud. Read more » 


Get me out of here! Ignore this warning 


[ This isn't a web forgery J 


Figure 5: The Google Toolbar at a fraudulent site. 
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McAfee Site Advisor: “Works and runs under Microsoft Windows, Linux and Mac OS X with the Firefox Web 
Browser and Internet Explorer under Windows “. 


The toolbar follows the traffic light model where green indicator indicates that the website has determined to be 
good; but red colour indicator points some serious issue and other yellow colour points that the site may have 
some small issues had in the past and it remains grey when the site information is not present. 


The above given determination is done by the manual verification and automated heuristics. Where the toolbar 
will examine the domain (name age, date of birth etc.) registration and the user reviews. 


MSN.com - Microsoft Internet Explorer 


File Edit View Favorites Tools Help a? | 
| 

x | | ¢ _p Search 5{y Fevortes & > ae : locas) rel 3 | 

@) beep: sn.com) ¥ E) so  Cmteieestesdvisons’ | 


Figure 6: McAfee SiteAdvisor at a verified good site. 


Microsoft Phishing Filter in Window Internet Explorer 7: This toolbar runs under the “Microsoft Internet 
Explorer 7 web browser” which built in the phished filters and basically this toolbar is depend on the blacklist 
which is hosted by the Microsoft. 


When the user comes in contact with the suspicious or suspected phishing website the user is directly redirected 
to the warning message and asked that they want to visit the site or close the window. 


€ Reported Phishing Website: Navigation Blocked - Windows Internet Explorer = ogg | 
6 ~  € http;//222.138.69.204:82/ebay.com/L.htm ¥ | ef Phishing Website *s X P- 
|e ip > pPage~ Gis @- HDB 


Figure 7: The Microsoft Phishing Filter in Windows Internet Explorer 7 at a fraudulent web site. 


Net craft Anti Phishing Toolbar: This toolbar basically runs under ‘Firefox 1.0 and Microsoft Internet 
Explorer under Window 2000/XP. 


It traps suspicious URL’s, and apply to show of the browser map reading controls in all the windows, in order to 
protect against the popup window that attempts to hide the reading controls measures, and it directly shows to 
the websites by clarifying the location. 


The net craft toolbar will block list the site o the basis of the reviews and feedback exempted by users. 


When holder tries to generate the website which present on the black list then that popup warning will warn the 
user which cancels the access of the user on that particular black listed websites, operating system also displays 
the viewer between one to ten ratings and also as at the hosting navigation of the website. 


2 MSN.com - Microsoft Internet Explorer 


File Edit View Favorites Tools Help i 
x) (2) ¢, p> Search she Favontes & > : i) Fel 3 
@) http: //wow.msn.com/ v Go 


~ Services + RiskROUINS Since; Jan 1996 Rank: 26 Site Report PEE}[US] Microsoft Corp 
= 


Figure 8: The Netcraft Anti-Phishing Toolbar at a legitimate web site. 


Netscape Browser 8.1: This toolbar runs under the Microsoft Windows, Linux and Mac OS X. It also includes 
phishing filters, or it also relies on the black list which can be set up by the AOL and reconditioned frequently, 
and when the suspects gets enters inside the phishing site which redirected to built the user in warning page, 
where the user are shown to the real or original URL. 


Spoof Guard: This runs under‘Microsoft Windows 98/NT/2000/XP but with the Internet Explorer’. 


Spoof guard does not use white and black lists instead of this the tool employs a sequence of profiling to know 
the phished sites.The very first step is to check the name of the domain and the comparison is done with the 
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websites which has been freshly entered by the user or holder, in order to catch the fraudulent websites that have 
domain name similar. 


Next the URL is examined and detects the confusion as well as non pointed port numbers. 


After this the appeal on the webpage has been examined or goes through by looking over the record of making 
password fields, lodge links and the icons. 


Spoof guard computes the outcome for each and every webpage in the type of laded score of the outcome of 
each set of profiling, if the outcome exceeds a particular entrance, the tool will show red image which means the 
website is fully phished, when the image turns in colour yellow which indicates that the site cannot be examined 
about the websites, when it turns into the green it indicates the site is safe to use. 


i MSN.com - Microsoft Internet Explorer 


File Edit View Favorites Tools Help a | 
x| a) ¢, p> Search 5) ¢ Favorites & ee Lad Fel 3 
@) http:{/www.msn.com/ v E} co O FAJoptions... XK Reset... 


Figure 10: SpoofGuard at a legitimate web site. 


There are some experiments and analysis step which are performed by the authors and are as follows: 

Get potential phishing sites from phishing feeds. Task manager will download the URLs from the phishing 
feeds. To obtain the catalogue of the phished websites the initial is to take out the URLs from the phishing 
electronic mails. Where phished electronic mails contains link to genuine and fake web sites, then it manually 
confirms that remaining URLs are scams. 


Heuristics will remove first URLs which points to the image (as against to HTML pages) and the websites that 
do not contain any written file entry fields which appealed the tactful information like passwords, name, age, 
work and credit card numbers. 


Second is profiling which uses as variant of Robust Hyperlinks which removes the sites which are legitimate. 
The word contains the linguistically signatures and then cater into the search engine. 


The matches are important in the recent web page and the designation name which is on the ridge look result. 


Testing methodology: Basically the examining anti- phishing toolbars will take too much time and very hard to 
proceed, and the final outcome which should be matched, with the multiple tools need to be examined on the 
same of the uniform resource locator within the short period of time. 


The toolbar need to examined with URLs withdraw from the phished messages after that the arrival on the 
holder mail boxes. All the toolbars examined appear to have some problems. Anti — fraud toolbar could help to 
examine all the fake web sites without any incorrect positive result, but if it has usability problems user may still 
fall to fraud. In upcoming days, or in future the technically sound tools is of little use that what is trying to 
communicate them, it would be worth to know that the user examination still have many solutions which are 
already popular in use. 


How the user reacts to the danger or online threat as well as, how the user will react with the false positive. 


In another article the author told about the Anti- Phishing Simulator: 
The Bayesian Classification algorithm is used in the database. It instantly works on spam messages to those 
words that have stimulating clause like shopping, lottery etc. The page HTML code with the URL control. 


The main aim and work of this simulator is to command the safety of details of the user and to prevent violations 
to check that spam is present on the recent data or not. 
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The below given flow chart with the direction will tell that how the actual work happens. 
By the use of Bayesian Classifier 


Phishng electronic mail preapared by an phisher- 


Electronic mails etc. use of comunication media 


Creating fake email id 


Phishng mail sending to the user 


Phished mails as the mail to the system 


Receving email with ‘imap.gmail.com 


Mail matching with “blacklist” 


The rapid extension of email holders has calculated in emails which are becoming so advanced. Anti- spamming 
filters are use to pin point the varieties features of spam emails, many effective methods and shortcuts are being 
enhanced with the insertion of spam senders data as digital images, ppts, pdf and words. 


Anti- phishing system gathers the phished mails and spammed messages at mutual point. It allows the user to 
handle the spam box whenever the user wants it. In future it is aimed to detect with the ground content mining is 
growing rapidly by the spam keyword detailed information, it also focuses to get the most excepted outcome and 
differentiation with the artificial neural networks. 


4. RESULT AND DISCUSSION 

Result: 

According to many research articles the anti-phishing toolbar which were examined in the study, for example- 
spoof guard anti- phishing toolbar which is best for the identification of the fraudulent and phished web sites and 
is also known to make the no use of the blacklists with the help of heuristics toolbar also allow to detect the 
spoofed websites, by it had very high false positive rate, on the other side the other toolbars like ‘Earth link, 
Google, Net craft, Cloud mark, IE7, identified most of the fraudulent websites correctly but few are false 
positive like these tools missed 19% of fraudulent websites and the performance of other four toolbar are correct 
— which identifies less than half fraudulent sites. 


Most of the system was also capable to recognize the phishing websites. In this study with the help of the 
combination of the technologies and toolbars the phished websites can be determined. In order to get the 
comparable result we need multiple toolbars which should tested on the equivalent set of the uniform resource 
locators with less duration of time. 


Toolbars or operating system should be examined with the uniform resource locators bring out the messages 
right away when it arrives in the mailbox of the user. 


Researchers also observed some variations in result on the basis of the use of the toolbars APWG feed larger 
fraction of spoofed websites and by the use of feeds captures moved to their blacklists not in the tool recognized 
all the phishing URLs links. 
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Discussion: 

Overall the anti- phishing operating system was 
analysed in the above given statements and according 
that which a lot of work to be desired. One of the best 
toolbar is Spoof Guard which did very great job in the 
identification of the fraudulent websites, but this 
toolbar also performed some false positive result and 
recognizes a huge number of fraction of genuine fake 
websites and on other side or hand, the another type 
of toolbars like Earth Link, Google, Net craft, cloud 
mark, and IE7 were able to find out the most 
fraudulent websites and have also false positive 
results because they missed more than fifteen percent 
of fake websites and the other tools will positively 
recognized the fake websites and sometimes few tools 
are not able to identify the fraudulent websites. 


There is no single technique which will always give 
accurate result for the identification of the phishing 
websites for example many of the system which are 
used blacklists yet just half of the tools were capable 
to recognize the fake websites. Sometimes the tools 
can also use profiling which will give permission to 
recognize the phished websites which yet not been 
put into the black lists and on the other hand the only 
toolbar tested is known no use of blacklist which was 
spoof guard. Spoof guard may also be improved 
through the use of white lists, will prevent the 
problems which occur when the phishing websites 
when user visits before their alternative genuine 
websites. 
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By examination methods — anti phishing toolbar takes 
more time to analyze and not easy procedure and to 
get the complete compatible results many types of 
operating systems need to be checked on the equal set 
of the uniform resource locator at the short period of 
time and the uniform resource locators are the only 
useful for the testing and detecting purpose, 
sometimes testing URLs are very problematic. Most 
of the operating system use the results as input in 
their devices (blacklists) however not even a single 
toolbar is capable to identify the phishing websites 
properly. There were lots of differences which were 
observed because of the results and how much the 
alterations in the tools on the operating system and 
the procedure maintaining for their blacklists. 


There are many other toolbars which is directly 
interacts with the user. There are eight of the ten 
toolbars examined and indicates the user on the bases 
if the colours where green colour shows the genuine 
website and red colour shows the correctly recognizes 
phished websites and other seven toolbar used yellow 
colour or gray colour image shows that no result is 
satisfied about the identified site. 


Coloured indicators uses pops- up the dialog boxes 
warns when the website recognized the fake websites. 
While the other toolbars blocks the phishing sites 
unless the user overrides the block. According to the 
previous studies shows that presented with dialog 
boxes which contains button which automatically 
dismiss them, many suser use to dismiss the boxes 
without reading from where the user will get phished. 


5. SUMMARY AND CONCLUSION 
Summary: 

The word phishing which is very unique and basically 
derived from the analogy of early internet criminals 
where it means - “‘fish for passwords and for financial 
data” from the unsuspecting internet users. Or 
basically the phishing refers to the process of 
breaching the personal information like bank details, 
card number and passwords of the user in order to 
gain some money and the attackers use to target the 
individual contacted them by the emails or telephones 
and by pretending legitimate institution which can 
result in identity theft and the financial loss. By using 
some techniques and by the combination of the tools 
we can detect and analyze the phished websites and 
can also learn about the prevention measures from the 
phishing attack. Spoofed messages and web contains 
few subtle mistakes, which include spelling mistakes 
or domain name, two factor authentications (2FA). It 
is the most effective method to find out the fraud or 
attack where it contains (or add) the extra verification 
layer when user is logging in to sensitive applications. 
Do not trust on such emails which will ask you to 


give the personal bank account information and 
OTP’s, updating system with new security software 
like, antivirus, firewall, spam filters and anti spyware, 
ignore the pop up messages which will act s phishing 
rod for the attackers. 


Conclusion: 

On the basis of experiment assessment the effects of 
five phishing toolbars, by the evaluation of results of 
large data sets across the long period of time, and 
they found that three of the ten toolbars like- Spoof 
Guard, Earth link and Net craft these three toolbar are 
correctly capable to recognize the 75 percent of the 
fake and phished sites positively during same time 
period, Spoof Guard mistakenly found the 38 percent 
of the authorized Uniform Resource Locators. as 
phished Uniform Resource Locators. And by looking 
over this percentage of the error might nullify the 
benefits of the spoof guard offers in detecting the 
sites. By looking over all errors the final outcome 
comes out that more or advanced work is needed to 
do in the area of the operating system and operation 
of the tools. 


While using the anti- phishing operating system 
sometimes bad use which could mean s the difference 
between correct steering someone away from the 
phishing site and having them ignore the alerts only 
comes out when the victim of the theft or eyewitness. 
And according to the study some interesting facts 
comes about the attacker which he/she would go in 
order to fulfil the desirable needs. Organizations are 
taking an initiative move of spreading awareness 
statement about the fake information’s which will 
alert the user fro, getting robbed or phished. 


The main goal of this study is to protect the big 
organizations and every common innocent people 
from the phishing attack by alerting them about the 
real facts and real way that how the attackers trap the 
users. By carefully going through the websites 
“sender is not valid valdosta.edu address “Admin 
Team” which do not match with email address 
@pugmarks.com which is not valid, subject line is in 
all capital letters and multiple exclamation which are 
trying to get the attention, highlighted “Click Here 
“by clicking on this external sites will start steal your 
credentials and will install malicious software. 


There is many other major problems which phases 
each person and every organization for example - 
Bank account breaching, Lack of awareness about 
phishing to the organizations ,Weakest links (users), 
Backup process is insufficient, Security risks, 
Organization of attackers are well funded, Phishing 
tools are at low cost, Malware is becoming 
sophisticated, Use of password multiple times. 
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